CVE-2016-1677
Published: 31 May 2016
uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before 51.0.2704.63, uses an incorrect array type, which allows remote attackers to obtain sensitive information by calling the decodeURI function and leveraging "type confusion."
Notes
Author | Note |
---|---|
mikesalvatore | The Ubuntu Security Team does not support libv8 |
Priority
Status
Package | Release | Status |
---|---|---|
chromium-browser | artful | Released (51.0.2704.79-0ubuntu2~cm1) |
chromium-browser | bionic | Released (51.0.2704.79-0ubuntu2~cm1) |
chromium-browser | cosmic | Released (51.0.2704.79-0ubuntu2~cm1) |
chromium-browser | precise | Ignored |
chromium-browser | trusty | Released (51.0.2704.79-0ubuntu0.14.04.1.1121) |
chromium-browser | upstream | Released (51.0.2704.63-1) |
chromium-browser | wily | Ignored (end of life) |
chromium-browser | xenial | Released (51.0.2704.79-0ubuntu0.16.04.1.1242) |
chromium-browser | yakkety | Released (51.0.2704.79-0ubuntu2~cm1) |
chromium-browser | zesty | Released (51.0.2704.79-0ubuntu2~cm1) |
libv8 | artful | Does not exist |
libv8 | bionic | Does not exist |
libv8 | cosmic | Does not exist |
libv8 | precise | Ignored (end of life) |
libv8 | trusty | Does not exist |
libv8 | upstream | Needs triage |
libv8 | wily | Does not exist |
libv8 | xenial | Does not exist |
libv8 | yakkety | Does not exist |
libv8 | zesty | Does not exist |
libv8-3.14 | artful | Ignored (end of life) |
libv8-3.14 | bionic | Ignored (libv8 not supported) |
libv8-3.14 | cosmic | Ignored (end of life) |
libv8-3.14 | precise | Does not exist |
libv8-3.14 | trusty | Does not exist (trusty was ignored [libv8 not supported]) |
libv8-3.14 | upstream | Needed |
libv8-3.14 | wily | Ignored (end of life) |
libv8-3.14 | xenial | Ignored (libv8 not supported) |
libv8-3.14 | yakkety | Ignored (end of life) |
libv8-3.14 | zesty | Ignored (end of life) |
oxide-qt | artful | Released (1.15.7-0ubuntu1) |
oxide-qt | bionic | Does not exist |
oxide-qt | cosmic | Does not exist |
oxide-qt | precise | Does not exist |
oxide-qt | trusty | Released (1.15.7-0ubuntu0.14.04.1) |
oxide-qt | upstream | Released (1.15.7) |
oxide-qt | wily | Released (1.15.7-0ubuntu0.15.10.1) |
oxide-qt | xenial | Released (1.15.7-0ubuntu0.16.04.1) |
oxide-qt | yakkety | Released (1.15.7-0ubuntu1) |
oxide-qt | zesty | Released (1.15.7-0ubuntu1) |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 6.5 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | None |
Availability impact | None |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |